git: b32b229ab83e - main - security/vuxml: add FreeBSD SAs issued on 2024-09-19
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 20 Sep 2024 06:19:45 UTC
The branch main has been updated by philip: URL: https://cgit.FreeBSD.org/ports/commit/?id=b32b229ab83e79939d076c117b057270da7061d3 commit b32b229ab83e79939d076c117b057270da7061d3 Author: Philip Paeps <philip@FreeBSD.org> AuthorDate: 2024-09-20 06:13:37 +0000 Commit: Philip Paeps <philip@FreeBSD.org> CommitDate: 2024-09-20 06:13:37 +0000 security/vuxml: add FreeBSD SAs issued on 2024-09-19 FreeBSD-SA-24:15.bhyve affects all supported versions of FreeBSD FreeBSD-SA-24:16.libnv affects all supported versions of FreeBSD --- security/vuxml/vuln/2024.xml | 84 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index fa69689bed0f..e770bbdf338e 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,87 @@ + <vuln vid="93c12fe5-7716-11ef-9a62-002590c1f29c"> + <topic>FreeBSD -- Integer overflow in libnv</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>14.1</ge><lt>14.1_5</lt></range> + <range><ge>14.0</ge><lt>14.0_11</lt></range> + <range><ge>13.4</ge><lt>13.4_1</lt></range> + <range><ge>13.3</ge><lt>13.3_7</lt></range> + </package> + <package> + <name>FreeBSD</name> + <range><ge>14.1</ge><lt>14.1_5</lt></range> + <range><ge>14.0</ge><lt>14.0_11</lt></range> + <range><ge>13.4</ge><lt>13.4_1</lt></range> + <range><ge>13.3</ge><lt>13.3_7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>A malicious value of size in a structure of packed libnv can + cause an integer overflow, leading to the allocation of a smaller + buffer than required for the parsed data. The introduced check was + incorrect, as it took into account the size of the pointer, not the + structure. This vulnerability affects both kernel and userland.</p> + <p>This issue was originally intended to be addressed as part of + FreeBSD-SA-24:09.libnv, but due to a logic issue, this issue was + not properly addressed.</p> + <h1>Impact:</h1> + <p>It is possible for an attacker to overwrite portions of memory + (in userland or the kernel) as the allocated buffer might be smaller + than the data received from a malicious process. This vulnerability + could result in privilege escalation or cause a system panic.</p> + </body> + </description> + <references> + <cvename>CVE-2024-45287</cvename> + <freebsdsa>SA-24:16.libnv</freebsdsa> + </references> + <dates> + <discovery>2024-09-19</discovery> + <entry>2024-09-20</entry> + </dates> + </vuln> + + <vuln vid="1febd09b-7716-11ef-9a62-002590c1f29c"> + <topic>FreeBSD -- bhyve(8) out-of-bounds read access via XHCI emulation</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>14.1</ge><lt>14.1_5</lt></range> + <range><ge>14.0</ge><lt>14.0_11</lt></range> + <range><ge>13.4</ge><lt>13.4_1</lt></range> + <range><ge>13.3</ge><lt>13.3_7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>bhyve can be configured to emulate devices on a virtual USB + controller (XHCI), such as USB tablet devices. An insufficient + boundary validation in the USB code could lead to an out-of-bounds read + on the heap, which could potentially lead to an arbitrary write and + remote code execution.</p> + <h1>Impact:</h1> + <p>A malicious, privileged software running in a guest VM can exploit + the vulnerability to crash the hypervisor process or potentially achieve + code execution on the host in the bhyve userspace process, which + typically runs as root. Note that bhyve runs in a Capsicum sandbox, so + malicious code is constrained by the capabilities available to the bhyve + process.</p> + </body> + </description> + <references> + <cvename>CVE-2024-41721</cvename> + <freebsdsa>SA-24:15.bhyve</freebsdsa> + </references> + <dates> + <discovery>2024-09-19</discovery> + <entry>2024-09-20</entry> + </dates> + </vuln> + <vuln vid="3e738678-7582-11ef-bece-2cf05da270f3"> <topic>Gitlab -- vulnerabilities</topic> <affects>